Subject: Re: [PATCH v2] ext4: fix infinite loop when replaying fast_commit
To: "Luis Henriques (SUSE)"
Cc: linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, Theodore Ts'o, Andreas Dilger, Harshad Shirwadkar
References: <20240515082857.32730-1-luis.henriques@linux.dev>
From: Zhang Yi
Message-ID: <1761896f-ce12-9aeb-616d-8451b1436943@huaweicloud.com>
Date: Wed, 15 May 2024 20:27:54 +0800
In-Reply-To: <20240515082857.32730-1-luis.henriques@linux.dev>

On 2024/5/15 16:28, Luis Henriques (SUSE) wrote:
> When doing fast_commit replay an infinite loop may occur due to an
> uninitialized extent_status struct. ext4_ext_determine_insert_hole() does
> not detect the replay and calls ext4_es_find_extent_range(), which will
> return immediately without initializing the 'es' variable.
>
> Because 'es' contains garbage, an integer overflow may happen causing an
> infinite loop in this function, easily reproducible using fstest generic/039.
>
> This commit fixes this issue by unconditionally initializing the structure
> in function ext4_es_find_extent_range().
>
> Thanks to Zhang Yi, for figuring out the real problem!
>
> Fixes: 8016e29f4362 ("ext4: fast commit recovery path")
> Signed-off-by: Luis Henriques (SUSE)

Thanks for fixing this issue, looks good to me.

Reviewed-by: Zhang Yi

> --- > fs/ext4/extents_status.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/fs/ext4/extents_status.c b/fs/ext4/extents_status.c > index 4a00e2f019d9..3a53dbb85e15 100644 > --- a/fs/ext4/extents_status.c > +++ b/fs/ext4/extents_status.c > @@ -310,6 +310,8 @@ void ext4_es_find_extent_range(struct inode *inode, > ext4_lblk_t lblk, ext4_lblk_t end, > struct extent_status *es) > { > + es->es_lblk = es->es_len = es->es_pblk = 0; > + > if (EXT4_SB(inode->i_sb)->s_mount_state & EXT4_FC_REPLAY) > return; > >
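
Review bot: The added line `es->es_lblk = es->es_len = es->es_pblk = 0;` at the top of ext4_es_find_extent_range() chains three assignments in one statement, which the kernel coding style asks to avoid, and nothing in the hunk says why it has to sit ahead of the `EXT4_FC_REPLAY` early return. Suggest one assignment per line plus a short comment that callers read `*es` even when the function returns early during replay, so a later cleanup does not move the initialization back below that check.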
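
The failure mode the commit message describes, as an added user-space model (not kernel code and not part of the original mail): an out-parameter lookup that returns early leaves the caller's struct holding stale values, and 32-bit wraparound of `es_lblk + es_len` keeps a retry loop spinning. The caller `determine_hole()`, the `init_first` switch, `MAX_TRIES` and the garbage values are constructed assumptions; the real ext4_ext_determine_insert_hole() logic is not shown on this page.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_TRIES 1000  /* cap so the model terminates instead of hanging */

/* Simplified stand-in for the kernel struct; field names follow the patch. */
struct extent_status { uint32_t es_lblk; uint32_t es_len; uint64_t es_pblk; };

/* Model of a lookup with an out-parameter and an early return during replay.
 * init_first = 1 mimics the patch: zero *es before any return path. */
static void find_extent_range(int replay, int init_first, struct extent_status *es)
{
    if (init_first) {
        es->es_lblk = 0;
        es->es_len = 0;
        es->es_pblk = 0;
    }
    if (replay)
        return;                 /* unpatched: caller's *es is left untouched */
    es->es_lblk = 0;            /* model: normal path finds no extent */
    es->es_len = 0;
    es->es_pblk = 0;
}

/* Hypothetical caller: returns how many lookups ran (MAX_TRIES = stuck). */
static int determine_hole(uint32_t lblk, int replay, int init_first)
{
    /* Constructed stand-in for stack garbage: es_lblk + es_len wraps to 0x0F. */
    struct extent_status es = { 0xFFFFFFF0u, 0x1Fu, ~0ull };
    int tries = 0;

    while (tries < MAX_TRIES) {
        tries++;
        find_extent_range(replay, init_first, &es);
        if (es.es_len == 0)
            break;              /* nothing found: the hole is usable */
        if (lblk >= (uint32_t)(es.es_lblk + es.es_len))
            continue;           /* extent appears to end before lblk: retry */
        break;
    }
    return tries;
}

int main(void)
{
    printf("replay, unpatched: %d lookups\n", determine_hole(100, 1, 0));
    printf("replay, patched:   %d lookups\n", determine_hole(100, 1, 1));
    printf("no replay:         %d lookups\n", determine_hole(100, 0, 0));
    return 0;
}
```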